Total
5442 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2008-6886 | 1 Rsa | 1 Envision | 2024-08-07 | N/A |
RSA EnVision 3.5.0, 3.5.1, 3.5.2, and 3.7.0 does not properly restrict access to unspecified user profile functionality, which allows remote attackers to obtain the administrator password hash and conduct brute force guessing attacks. | ||||
CVE-2008-6871 | 1 Merlix | 1 Educate Server | 2024-08-07 | N/A |
Merlix Educate Server stores db.mdb under the web root with insufficient access control, which allows remote attackers to obtain unspecified sensitive information via a direct request. | ||||
CVE-2008-6844 | 1 Ez | 1 Ez Publish | 2024-08-07 | N/A |
The registration view (/user/register) in eZ Publish 3.5.6 and earlier, and possibly other versions before 3.9.5, 3.10.1, and 4.0.1, allows remote attackers to gain privileges as other users via modified ContentObjectAttribute_data_user_login_30, ContentObjectAttribute_data_user_password_30, and other parameters. | ||||
CVE-2008-6755 | 2 Redhat, Zoneminder | 2 Fedora, Zoneminder | 2024-08-07 | N/A |
ZoneMinder 1.23.3 on Fedora 10 sets the ownership of /etc/zm.conf to the apache user account, and sets the permissions to 0600, which makes it easier for remote attackers to modify this file by accessing it through a (1) PHP or (2) CGI script. | ||||
CVE-2008-6799 | 1 Tufat | 1 Flashchat | 2024-08-07 | N/A |
connection.php in FlashChat 5.0.8 allows remote attackers to bypass the role filter mechanism and gain administrative privileges by setting the s parameter to "7." | ||||
CVE-2008-6774 | 1 Peterselie | 1 Yourplace | 2024-08-07 | N/A |
internettoolbar/edit.php in YourPlace 1.0.2 and earlier does not end execution when an invalid username is detected, which allows remote attackers to bypass intended restrictions and edit toolbar settings via an invalid username. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | ||||
CVE-2008-6701 | 1 Netscout | 2 Ngenius Infinistream, Visualizer | 2024-08-07 | N/A |
NetScout (formerly Network General) Visualizer V2100 and InfiniStream i1730 do not restrict access to ResourceManager/en_US/domains/add_domain.jsp, which allows remote attackers to gain administrator privileges via a direct request. | ||||
CVE-2008-6770 | 1 Peterselie | 1 Yourplace | 2024-08-07 | N/A |
YourPlace 1.0.2 and earlier stores sensitive information under the web root with insufficient access control, which allows remote attackers to a database containing user credentials via a direct request for users.txt. | ||||
CVE-2008-6756 | 2 Gentoo, Zoneminder | 2 Linux, Zoneminder | 2024-08-07 | N/A |
ZoneMinder 1.23.3 on Gentoo Linux uses 0644 permissions for /etc/zm.conf, which allows local users to obtain the database username and password by reading this file. | ||||
CVE-2008-6747 | 1 Dotproject | 1 Dotproject | 2024-08-07 | N/A |
dotProject before 2.1.2 does not properly restrict access to administrative pages, which allows remote attackers to gain privileges. NOTE: some of these details are obtained from third party information. | ||||
CVE-2008-6771 | 1 Peterselie | 1 Yourplace | 2024-08-07 | N/A |
YourPlace 1.0.2 and earlier allows remote attackers to obtain sensitive system information via a direct request via a direct request to user/uploads/phpinfo.php, which calls the phpinfo function. | ||||
CVE-2008-6674 | 1 Quickersite | 1 Quickersite | 2024-08-07 | N/A |
mailPage.asp in QuickerSite 1.8.5 allows remote attackers to flood e-mail accounts with messages via a large number of requests with a modified sEmail parameter. | ||||
CVE-2008-6736 | 1 Circulargenius | 1 Flat Calendar | 2024-08-07 | N/A |
Flat Calendar 1.1 does not properly restrict access to administrative functions, which allows remote attackers to (1) add new events via calAdd.php, as reachable from admin/add.php, or (2) delete events via admin/deleteEvent.php. NOTE: this is only a vulnerability when the administrator does not follow recommendations in the product's security documentation. | ||||
CVE-2008-6673 | 1 Quickersite | 1 Quickersite | 2024-08-07 | N/A |
asp/bs_login.asp in QuickerSite 1.8.5 does not properly restrict access to administrative functionality, which allows remote attackers to (1) change the admin password via the cSaveAdminPW action; (2) modify site information, such as the contact address, via the saveAdmin; and (3) modify the site design via the saveDesign action. | ||||
CVE-2008-6643 | 1 Lokicms | 1 Lokicms | 2024-08-07 | N/A |
LokiCMS 0.3.4 and possibly earlier versions does not properly restrict access to administrative functions, which allows remote attackers to bypass intended restrictions and modify configuration settings via the LokiACTION parameter in a direct request to admin.php. | ||||
CVE-2008-6619 | 1 Netlab | 1 Classsystem | 2024-08-07 | N/A |
Unrestricted file upload vulnerability in class/ApplyDB.php in ClassSystem 2.3 allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in class/UploadHomepage/. | ||||
CVE-2008-6650 | 1 Mywebland | 1 Minibloggie | 2024-08-07 | N/A |
del.php in miniBloggie 1.0 allows remote attackers to delete arbitrary posts via a direct request with a modified post_id parameter, a different vulnerability than CVE-2008-4628. | ||||
CVE-2008-6613 | 1 Abweb | 1 Minimal-ablog | 2024-08-07 | N/A |
uploader.php in minimal-ablog 0.4 does not properly restrict access, which allows remote attackers to gain administrative privileges via a direct request. | ||||
CVE-2008-6599 | 1 Jath Pala | 1 Cookiecheck | 2024-08-07 | N/A |
cookiecheck.php in CookieCheck 1.0 stores tmp/cc_sessions under the web root with insufficient access control, which allows remote attackers to obtain session data via a direct request related to the "default session save path." | ||||
CVE-2008-6580 | 1 Funscripts | 1 Red Reservations | 2024-08-07 | N/A |
The Red_Reservations script for ColdFusion stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database via a direct request to (1) makered.mdb and (2) makered97.mdb. |